Diffstat (limited to 'auth-rh-rsa.c')
-rw-r--r-- | auth-rh-rsa.c | 49 |
1 files changed, 33 insertions, 16 deletions
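diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 1392455cb..19782577b 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,18 @@
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.8 2000/03/26 03:04:52 damien Exp $");
+
+#ifdef HAVE_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/bn.h>
+#include <ssl/rsa.h>
+#include <ssl/dsa.h>
+#endif
 
 #include "packet.h"
 #include "ssh.h"
@@ -23,37 +34,44 @@ RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");
 #include "uidswap.h"
 #include "servconf.h"
 
+#include "key.h"
+#include "hostfile.h"
+
 /*
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key. Returns true if authentication succeeds.
 */
 
 int
-auth_rhosts_rsa(struct passwd *pw, const char *client_user,
-BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
+auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
 {
 extern ServerOptions options;
 const char *canonical_hostname;
 HostStatus host_status;
-BIGNUM *ke, *kn;
+Key *client_key, *found;
 
 debug("Trying rhosts with RSA host authentication for %.100s", client_user);
 
+if (client_host_key == NULL)
+return 0;
+
 /* Check if we would accept it using rhosts authentication. */
 if (!auth_rhosts(pw, client_user))
 return 0;
 
 canonical_hostname = get_canonical_hostname();
 
-debug("Rhosts RSA authentication: canonical host %.900s",
-canonical_hostname);
+debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
+
+/* wrap the RSA key into a 'generic' key */
+client_key = key_new(KEY_RSA);
+BN_copy(client_key->rsa->e, client_host_key->e);
+BN_copy(client_key->rsa->n, client_host_key->n);
+found = key_new(KEY_RSA);
 
 /* Check if we know the host and its host key. */
-ke = BN_new();
-kn = BN_new();
 host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
-client_host_key_e, client_host_key_n,
-ke, kn);
+client_key, found);
 
 /* Check user host file unless ignored. */
 if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
@@ -73,14 +91,13 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 /* XXX race between stat and the following open() */
 temporarily_use_uid(pw->pw_uid);
 host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
-client_host_key_e, client_host_key_n,
-ke, kn);
+client_key, found);
 restore_uid();
 }
 xfree(user_hostfile);
 }
-BN_free(ke);
-BN_free(kn);
+key_free(client_key);
+key_free(found);
 
 if (host_status != HOST_OK) {
 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
@@ -90,7 +107,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 /* A matching host key was found and is known. */
 
 /* Perform the challenge-response dialog with the client for the host key. */
-if (!auth_rsa_challenge_dialog(client_host_key_e, client_host_key_n)) {
+if (!auth_rsa_challenge_dialog(client_host_key)) {
 log("Client on %.800s failed to respond correctly to host authentication.",
 canonical_hostname);
 return 0;
@@ -101,7 +118,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 */
 
 verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
 pw->pw_name, client_user, canonical_hostname);
 packet_send_debug("Rhosts with RSA host authentication accepted.");
 return 1;
 }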
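Review bot: The two BN_copy() calls that build client_key (new lines 68-69 in the `@@ -23,37 +34,44 @@` hunk) discard their return value, so an allocation failure inside BN_copy leaves client_key->rsa->e or ->n holding whatever key_new() initialised them to, and that partial key is then what check_host_in_hostfile() compares against the known-hosts entries. Since the result decides host-based authentication, the copy should fail closed rather than continue with a key that does not match the peer's, e.g. `if (BN_copy(client_key->rsa->e, client_host_key->e) == NULL || BN_copy(client_key->rsa->n, client_host_key->n) == NULL) fatal("auth_rhosts_rsa: BN_copy failed");`. Whether key_new(KEY_RSA) guarantees rsa->e and rsa->n are allocated is not visible here (key.h is only included), so that assumption deserves a one-line comment above the copies. Note also that `found` is passed unchanged to the second check_host_in_hostfile() call after the system-hostfile lookup may already have written into it; if that helper does not reset its output key, a stale match could survive, which is worth confirming in hostfile.c. auth_rhosts_rsa() begins in this hunk and runs through the remaining three hunks.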